"RA with lower CurHopLimit ..." sent by OPNSense

[jmw]

All my FreeBSD hosts on my LAN see this kernel message repeated roughly every 360 seconds:

<hostname> kernel: RA with lower CurHopLimit sent from fe80:n::a:b:c:d on <interface> (current = 255, received = 64). Ignored.

(where a:b:c:d is the EUI-64 for my OPNsense host, and n is the number that corresponds to the interface's scope ID in ifconfig)

I ran radvdump on one my hosts, and after a while it shows there are two distinct RAs sent from fe80::a:b:c:d. The differences are:

AdvManagedFlag off vs on
AdvDefaultLimetime 1200 vs 1800
AdvCurHopLimit 255 vs 64
AdvLinkMTU <not present> vs 1500
DNSSL <not present> vs home.arpa (what I'm using as the domain in OPNsense settings)

On the OPNsense host, I have Services > Router Advertisements > LAN set to Assisted. Interfaces > LAN > Track IPv6 Interface > Manual configuration is off. ISC DHCPv6 server is off for everything. The contents of /var/etc/radvd.conf mostly match the second:

interface <interface> {
   AdvSendAdvert on;
   AdvLinkMTU 1500;
   AdvManagedFlag on;
   AdvOtherConfigFlag on;
   prefix 2x:x:x:x::/64 { ... };
   RDNSS 2:x:x:x:a:b:c:d { };  <- this is the OPNsense host's routable IPv6 address
   DNSSL home.arpa { };
}

Is there some other process other than radvd that also sends out RAs on OPNsense?

[pfry]

"Services: Dnsmasq DNS & DHCP" has the option ("General" -> "DHCP"). But I wouldn't expect you'd activate it unintentionally.

[jmw]

dnsmasq DHCPv6 is indeed the other sender. I have it enabled in stateless mode so it can create AAAA records on the LAN. The solution is disable one of these, and since having AAAA for the dnsmasq-managed domain is a benefit, I turned off radvd. It does seem unfortunate that both announcers can be enabled simultaneously without some callout in the UI or documentation.